General
-
Target
8be427c959d4c55515cc14aeacaca7c53cc576a5e94e948668c59ed7f15220c6.bin
-
Size
412KB
-
Sample
240627-1xmr1atblf
-
MD5
fe49f6ada3f6f3a28d70ca349a0f1272
-
SHA1
9d57aa2ef69f5bb4a9ba00b9ba7d20d0acdbfe12
-
SHA256
8be427c959d4c55515cc14aeacaca7c53cc576a5e94e948668c59ed7f15220c6
-
SHA512
5d59c4bf33c51386720e4637973454984b01cc4be688295fe2c5c2c24d5ec26ccb3fd0684b77989b44afe2f418562ae34800eb5258ba9e7be9c06dd3d9d8178b
-
SSDEEP
12288:3ZDNUHiiQDhu0vUEbqmEYxUtAORfyi7n7G:3F+HiiQFvUE+JhXKiXG
Static task
static1
Behavioral task
behavioral1
Sample
8be427c959d4c55515cc14aeacaca7c53cc576a5e94e948668c59ed7f15220c6.apk
Resource
android-x86-arm-20240624-en
Malware Config
Extracted
xloader_apk
http://91.204.227.50:28899
Targets
-
-
Target
8be427c959d4c55515cc14aeacaca7c53cc576a5e94e948668c59ed7f15220c6.bin
-
Size
412KB
-
MD5
fe49f6ada3f6f3a28d70ca349a0f1272
-
SHA1
9d57aa2ef69f5bb4a9ba00b9ba7d20d0acdbfe12
-
SHA256
8be427c959d4c55515cc14aeacaca7c53cc576a5e94e948668c59ed7f15220c6
-
SHA512
5d59c4bf33c51386720e4637973454984b01cc4be688295fe2c5c2c24d5ec26ccb3fd0684b77989b44afe2f418562ae34800eb5258ba9e7be9c06dd3d9d8178b
-
SSDEEP
12288:3ZDNUHiiQDhu0vUEbqmEYxUtAORfyi7n7G:3F+HiiQFvUE+JhXKiXG
-
XLoader payload
-
Checks if the Android device is rooted.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-